This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1. (Currently Amended) A computer-implemented method for controlling access to 
documents during a workflow, comprising: 

upon entry of a base document into a workflow, creating a workflow working copy of 
the base document; 

selectively providing a user access to the base document depending upon the identity 
of a user; 

selectively providing a user access to the workflow working copy of the base 
document depending upon the identity of a user; and 

if a user is provided access to the workflow working copy of the base document, 
selectively providing access to perform operations on the workflow working copy of the base 
document depending upon the identity of a user. 

2. (Currently Amended) The method of claim 1, further comprising: 

storing access control list data in relation to the base document, the access control list 
data defining access controls on performing operations of the workflow working copy of the 
base document; and 

storing security descriptor data in relation to the base document and the workflow 
working copy of the base document, the security descriptor data defining access controls on 
reading the base document and the workflow working copy of the base document. 

3. (Currently Amended) The method of claim 2, wherein selectively providing access 
to perform operations on the workflow working copy of the base document depending upon 
the identity of a user, comprises: 

determining using the access control list data stored in relation to the base document 
that a user has permission to perform an operation on the workflow working copy of the base 
document; and 

allowing the user to perform the operation on the workflow working copy of the base 
document. 

4. (Currently Amended) The method of claim 2, wherein the step of selectively 
providing access to perform operations on the workflow working copy of the base document 
depending upon the identity of a user, comprises: 

determining using the access control list data stored in relation to the base document 
that a user does not have permission to perform an operation on the workflow working copy 
of the base document; and 

denying the user access to perform the operation on the workflow working copy of the 
base document. 

5. (Currently Amended) The method of claim 2, wherein the access control list data 
comprises information identifying for each of a plurality of operations, the set of users that 
have permission to perform the operation, and said act of selectively providing access to 
perform operations on the workflow working copy of the base document depending upon the 
identity of a user, comprises: 

referencing the information identifying for each of a plurality of operations, 
the set of users that have permission to perform the operation; and 

if the user is in the set of users that have permission to perform the operation, 
providing access to the operation. 

6. (Currently Amended) The method of claim 2, wherein the access control list data 
comprises information identifying for each of a plurality of operations, the set of users that 
have permission to perform the operation, and said act of selectively providing access to 
perform operations on the workflow working copy of the base document depending upon the 
identity of a user, comprises: 

referencing the information identifying for each of a plurality of operations, 
the set of users that have permission to perform the operation; and 

if the user is not in the set of users that have permission to perform the 
operation, denying access to the operation. 

7. (Previously Presented) The method of claim 5, wherein the set of users are defined 
in terms of the roles that have permission to perform the operation, and said act of 
referencing the information identifying for each of a plurality of operations, the set of users 
that have permission to perform the operation, comprises: 

resolving for the user the set of roles to which the user has been assigned; and 

determining using the set of roles to which the user has been assigned and the 
set of users defined in terms of the roles that have permission to perform the operation, 
whether the user has permission to perform the requested operation. 

8. (Currently Amended) The method of claim 2, wherein selectively providing a user 
access to the workflow working copy of the base document depending upon the identity of a 
user, comprises: 

determining using the security descriptor data stored in relation to the base document 
and the workflow working copy document, that a user has permission to read the workflow 
working copy of the base document; and 

providing the user access to the workflow working copy of the base document. 

9. (Currently Amended) The method of claim 2, wherein selectively providing a user 
access to the workflow working copy of the base document depending upon the identity of a 
user, comprises: 

determining using the security descriptor data stored in relation to the base document 
and the workflow working copy document, that a user does not have permission to read the 
workflow working copy of the base document; and 

denying the user access to the workflow working copy of the base document. 

10. (Currently Amended) The method of claim 2, wherein the security descriptor data 
comprises information identifying the set of users that have permission to read each of the 
base document and the workflow working copy of the base document, and said act of 
selectively providing access to the workflow working copy of the base document depending 
on the identity of the user, comprises: 

referencing the information identifying the set of users that have permission to 
read each of the base document and the workflow working copy of the base document; and 

if the user is in the set of users that have permission to read the workflow 
working copy of the base document, providing access to the workflow working copy of the 
base document. 

11. (Currently Amended) The method of claim 10, wherein the set of users are 
defined in terms of the roles that have permission to read each of the base document and the 
workflow working copy of the base document, and said act of referencing the information 
identifying the set of users that have permission to read each of the base document and the 
workflow working copy of the base document, comprises: 

resolving for the user the set of roles to which the user has been assigned; and 

determining using the set of roles to which the user has been assigned and the 
set of roles that have permission to read each of the base document and the workflow 
working copy of the base document, whether the user has permission to read the base 
document or the workflow working copy of the base document. 

12. (original) A computer-readable media having stored thereon 
computer-executable instructions for performing the steps recited in claim 1. 

13. (Currently Amended) A system for providing document isolation in a workflow 
environment, comprising: 

a processor, wherein said processor is operable to execute instructions for performing 
the following acts: 

maintaining for a base document undergoing a publishing workflow, a 
workflow copy of the base document; 

maintaining access control data in relation to the base document and the 
workflow copy of the base document, 

upon receipt of a request to access the base document, selectively determining 
based on the access control data to provide access to the base document; and 

upon receipt of a request to access the base document, selectively determining based 
on the access control data to provide access to the workflow copy of the base document. 

14. (Currently Amended) The system of claim 13, wherein the access control data 
comprises security descriptor data identifying the set of users that have permission to read the 
base document and the workflow copy of the base document, the set of users comprising 
reviewers and approvers. 

15. (Currently Amended) The system of claim 14, wherein said processor is operable 
to execute instructions for performing the following acts: 

referencing the security descriptor data; and 

determining that a user should be directed to the workflow copy of the base 
document based on the security descriptor data. 

16. (Currently Amended) The system of claim 15, wherein the security descriptor data 
identifies a set of roles corresponding to the set of users that have permission to read the base 
document and the workflow copy of the base document, and wherein said processor is 
operable to execute instructions for performing the act of determining the set of roles that a 
user has been assigned. 

17. (Currently Amended) The system of claim 13, wherein the access control data 
comprises access control list data identifying the set of users that have permission to perform 
operations on the workflow copy of the base document. 

18. (Currently Amended) The system of claim 17, wherein said processor is operable 
to execute instructions for performing the following acts: 

referencing the access control list data; and 

determining that a user should be allowed to perform an operation on the 
workflow copy of the base document based on the access control list data. 

19. (Currently Amended) The system of claim 18, wherein the access control list data 
identifies a set of roles corresponding to the set of users that have permission to perform 
operations on the workflow copy of the base document, and wherein said processor is 
operable to execute instructions for performing the act of determining the set of roles that a 
user has been assigned. 

20. (Currently Amended) A method for controlling access to operations that may be 
performed on a document, comprising: 

upon creation of a workflow, creating a workflow copy of a base document; 

receiving a request to create a new operation that may be performed on the 
workflow copy of the base document; 

assigning a unique identifier to the new operation; 

updating an access control list to include an entry for the unique identifier for 
the new operation; and 

updating the access control list to include an entry identifying the roles that 
have access to the new operation. 

21. (Currently Amended) The method of claim 20, further comprising updating the 
access control list to change roles that have access to the new operation in response to a 
change from a first state to a second state in the state occupied by the workflow working copy 
of the document in the workflow. 

22. (Original) The method of claim 20, wherein the workflow is a publishing 
workflow and the new operation is at least one of the following: review and approve. 

23. (Currently Amended) The method of claim 20, further comprising: 

receiving a request to perform the new operation on the workflow copy of the base 
document; 

determining using the access control list whether to allow access to the new operation. 

24. (Original) The method of claim 23, wherein determining using the access control 
list whether to allow access to the new operation comprises comparing a user's roles with the 
roles identified in the access control list as having access to the new operation. 

25. (withdrawn) A computer-implemented method of controlling access to 
documents, comprising: 

maintaining a first list defining who may access a base document; 

maintaining a second list defining who may perform operations on the base document; 

upon receipt of a request from a user to create a workflow, accessing the first list and 
the second list to determine whether the user may create a workflow relating to the base 
document; 

if the first list and the second list indicate the user may create a workflow relating to 
the base document, creating a copy of the base document; and 

while the copy of the base document is in the workflow, in response to requests to 
access the base document, accessing at least the first list to determine whether to provide 
access to the copy of the base document. 

26. (withdrawn) The method of claim 25, wherein maintaining a first list 
defining who may access a base document comprises maintaining a list of security 
descriptors. 

27. (withdrawn) The method of claim 25, wherein maintaining a second list 
defining who may perform operations on the base document comprises maintaining an access 
control list. 

28. (withdrawn) The method of claim 25, further comprising updating the 
second list upon creation of the copy of the base document to identify who may perform 
operations on the copy of the base document. 

29. (withdrawn) The method of claim 25, wherein maintaining a first list 
defining who may access a base document comprises maintaining a first list defining roles 
that may access a base document. 

30. (withdrawn) The method of claim 25, further comprising maintaining a third 
list defining who may access the copy of the base document. 

31. (New) The method of claim 1, further comprising replacing the base 
document with the working workflow document upon exit of the base document from the 
workflow. 

32. (New) The system of claim 13, further comprising upon exit of the base 
document from the workflow replacing the base document with the workflow copy of the 
base document. 
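
The two-layer check recited across the claims (security descriptor data gating reads of each version, access control list data gating operations by role, and an operation registered under a unique identifier) can be modelled as follows. This is an added illustration, not part of the filing; the class, method, user and role names are hypothetical, and denying an unregistered operation is an assumption.

```python
import uuid

# Constructed role assignments (hypothetical users and roles).
USER_ROLES = {"alice": {"author"}, "bob": {"reviewer"},
              "carol": {"approver"}, "dave": {"reader"}}

class WorkflowDocument:
    def __init__(self, content, base_readers):
        self.base, self.working_copy = content, None
        # Security descriptor data: roles allowed to READ each version.
        self.read_roles = {"base": set(base_readers), "working_copy": set()}
        self.op_ids = {}   # operation name -> unique identifier
        self.acl = {}      # unique identifier -> roles allowed to perform it

    def enter_workflow(self, copy_readers):
        self.working_copy = self.base          # working copy made on entry
        self.read_roles["working_copy"] = set(copy_readers)

    def add_operation(self, name, roles):
        op_id = uuid.uuid4().hex               # unique identifier per operation
        self.op_ids[name] = op_id
        self.acl[op_id] = set(roles)
        return op_id

    def can_read(self, user, version):
        roles = USER_ROLES.get(user, set())    # resolve the user's roles
        return bool(roles & self.read_roles[version])

    def resolve(self, user):
        """Version served for a request naming the base document; None = deny."""
        if self.working_copy is not None and self.can_read(user, "working_copy"):
            return "working_copy"
        return "base" if self.can_read(user, "base") else None

    def can_perform(self, user, op_name):
        # Operations are only considered once read access to the copy is granted.
        if self.working_copy is None or not self.can_read(user, "working_copy"):
            return False
        allowed = self.acl.get(self.op_ids.get(op_name), set())  # unknown op: deny
        return bool(USER_ROLES.get(user, set()) & allowed)

    def exit_workflow(self):
        self.base, self.working_copy = self.working_copy, None   # copy replaces base
        self.read_roles["working_copy"] = set()
```

Because the read check runs first, a role listed in the access control list for an operation is still denied that operation when the security descriptor data does not let it read the working copy.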



Page 9 of 15 



